Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

io.netty:netty-codec 5.0.0.Alpha2

Back to all
Package Version

io.netty:netty-codec 5.0.0.Alpha2

Github Repository

Package Version Scores

Overall
0
/10
Security
4
Activity
9
Popularity
8
Quality
4
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
68155b0260daa6d1c7677875
CVEs Fixed
C
2
H
5
+423
-22

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
CVE-2021-37137
High
HTTP Request Smuggling in Netty
CVE-2020-7238
High
Bzip2Decoder doesn't allow setting size restrictions for decompressed data
CVE-2021-37136
High
Denial of Service in Netty
CVE-2020-11612
High
HTTP Request Smuggling in Netty
CVE-2019-16869
High
HTTP Request Smuggling in Netty
CVE-2019-20444
Critical
HTTP Request Smuggling in Netty
CVE-2019-20445
Critical

Get the Patch Instantly Without Upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
LINES OF CODE CHANGED
+423
-22
-
on latest patch
License
Patch Available

Get the Patch Instantly

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "Recent Commit Activity",
"description": "Recent commit activity indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Regular Code Review",
"description": "A large faction of the commits in this repository are associated with a pull request; this shows that development best practices are followed",
"category": "code quality",
"type": "upscore"
},
{
"title": "Continuous Commit Activity",
"description": "Continuous commit activity indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Consistent Commit Activity",
"description": "Consistent commit activity over longer periods of time indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Recent Issue Activity",
"description": "Recent issue activity indicates that the project is in active development",
"category": "activity",
"type": "upscore"
},
{
"title": "High Ratio of Closed Issues",
"description": "More issues being closed than opened indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Issues with Labels",
"description": "Attaching labels to issues allows for better tracking of issue activity in the project",
"category": "code quality",
"type": "upscore"
},
{
"title": "High Ratio of Issues Created by External Contributors",
"description": "A high ratio of issues opened by external contributors indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Recent Pull Request Activity",
"description": "Recent pull request activity indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "Activity From Corporate Accounts",
"description": "Activity from corporate affiliated accounts indicates that the project may have reliable backing and support",
"category": "activity",
"type": "upscore"
},
{
"title": "Activity from Reputable Accounts",
"description": "High activity from reputable accounts is an indication that the repository is well maintained. An account is considered reputable if it participates in multiple open source projects and has a high rating in GitHub",
"category": "activity",
"type": "upscore"
},
{
"title": "Releases do not Follow SemVer",
"description": "The repository has releases that do not follow the SemVer standard, this goes against best practices",
"category": "code quality",
"type": "downscore"
},
{
"title": "Older Releases are Maintained",
"description": "The repository keeps releasing updates to earlier release trains, this is a sign of a commitment to maintaining and supporting the users of the project",
"category": "activity",
"type": "upscore"
},
{
"title": "Frequent Releases",
"description": "The repository has frequent releases, this is a sign of a commitment to maintaining and supporting the codebase",
"category": "activity",
"type": "upscore"
},
{
"title": "Organization Repository",
"description": "When a repository belongs to an organization there is a lower risk of it getting abandoned in the future",
"category": "activity",
"type": "upscore"
},
{
"title": "Unfixed Medium Severity Vulnerabilities",
"description": "Unfixed medium severity vulnerabilities discovered in a repository indicate a somewhat elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "Contributions From Many Reputable Accounts",
"description": "A large number of reputable contributors affiliated with the project indicates that the project is reliable. An account is considered reputable if it participates in multiple open source projects and has a high rating in GitHub",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Stars",
"description": "A very high number of stars indicates high interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Forks",
"description": "Many forks show an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Subscribers",
"description": "A very large number of subscribers indicates an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Comments in Issues",
"description": "A high amount of comment activity in issues shows that there is engagement with the project",
"category": "activity",
"type": "upscore"
},
{
"title": "No Automated Build System",
"description": "Reproducible builds using makefiles or CI systems allow verification that no modifications, such as vulnerabilities or backdoors, have been introduced during a package's build process",
"category": "code quality",
"type": "downscore"
},
{
"title": "Repository Contains Binary Files",
"description": "When a repository contains binary files it is harder to analyze and assess its functionality and risks",
"category": "code quality",
"type": "downscore"
},
{
"title": "High Ratio of Test Code",
"description": "High quality projects should use tests",
"category": "code quality",
"type": "upscore"
},
{
"title": "Has a Security.md File",
"description": "A SECURITY.md file highlighting security related information is a sign of repository maturity",
"category": "security",
"type": "upscore"
},
{
"title": "Repository has Some Best Practice Files",
"description": "The repository has files that cover basic operational aspects of the project and this shows an emphasis on best practices",
"category": "code quality",
"type": "upscore"
},
{
"title": "Multiple Licenses",
"description": "Repositories with multiple licenses require extra effort to determine their exact license status",
"category": "code quality",
"type": "downscore"
}
]
}